ghsa-c2cg-7w87-rjjv
Vulnerability from github
Published
2025-06-18 12:30
Modified
2025-06-18 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

ieee802154/adf7242: defer destroy_workqueue call

There is a possible race condition (use-after-free) like below

(FREE) | (USE) adf7242_remove | adf7242_channel cancel_delayed_work_sync | destroy_workqueue (1) | adf7242_cmd_rx | mod_delayed_work (2) |

The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks.

To fix this, we can add a flag write at the beginning of adf7242_remove and add flag check in adf7242_channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregister_netdev") which let the ieee802154_unregister_hw() to handle the synchronization. This patch takes the second option.

runs")

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49968"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:24Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154/adf7242: defer destroy_workqueue call\n\nThere is a possible race condition (use-after-free) like below\n\n  (FREE)                     |  (USE)\n  adf7242_remove             |  adf7242_channel\n   cancel_delayed_work_sync  |\n    destroy_workqueue (1)    |   adf7242_cmd_rx\n                             |    mod_delayed_work (2)\n                             |\n\nThe root cause for this race is that the upper layer (ieee802154) is\nunaware of this detaching event and the function adf7242_channel can\nbe called without any checks.\n\nTo fix this, we can add a flag write at the beginning of adf7242_remove\nand add flag check in adf7242_channel. Or we can just defer the\ndestructive operation like other commit 3e0588c291d6 (\"hamradio: defer\nax25 kfree after unregister_netdev\") which let the\nieee802154_unregister_hw() to handle the synchronization. This patch\ntakes the second option.\n\nruns\")",
  "id": "GHSA-c2cg-7w87-rjjv",
  "modified": "2025-06-18T12:30:38Z",
  "published": "2025-06-18T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49968"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.